Public clouds are distributed computing systems in which the cloud infrastructure is made available to the general public or to a large industry group, and the distributed computing system is typically owned by an organization selling cloud services. Public clouds allow users to share resources and applications in proportion to each user's scale of use. Because a public cloud typically serves many independent user entities, a public cloud is a multi-tenant environment: a single architecture typically hosts multiple customers' applications and data. A public cloud is one type of public computer system. Public computer systems directly solicit usage from at least a substantial portion of the general public (for example, this type of computer system may directly solicit usage by anybody in a large industry group that includes many companies and individuals). Typically, a public computer system user must authenticate in some manner before a session that uses computing resources of the public computer system.
A private cloud differs from a public cloud. A private cloud is a cloud infrastructure that is operated primarily to serve the computing needs of a single entity (for example, an individual, a company, or a charitable organization). Resources utilized in a private cloud can be deployed internally. As such, rather than running web-based and rich client applications over the Internet, a private cloud can employ cloud computing within a company's own local or wide area networks. When the resources of a private cloud are localized in this manner, the private cloud can be referred to as a local cloud. The term implies that the same virtualization and highly flexible and scalable methods used in huge Internet-based datacenters are also used in the private clouds of the enterprise. A cloud which is local and/or private is herein referred to as one type of private computer system. Private computer systems do not directly solicit usage by any substantial segment of the public. Typically, a private computer system must authenticate a user in some manner before initiating a session that uses computing resources of the private computer system.
Establishing connectivity between private computer systems (e.g., private cloud computing systems) and public computing systems (e.g., public cloud computing systems) can be advantageous for reasons such as resource sharing, but can present many technical challenges. In fact, the complexities of connecting these systems can be so overwhelming that connectivity can take days to achieve. Various methods utilized to establish connections between these two computer systems include, but are not limited to: 1) OpenVPN, an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities using a custom security protocol; 2) IPsec VPN, using the Internet Protocol Security (IPsec) set of protocols, which sit on top of the Internet Protocol (IP) layer, to allow the two systems to communicate in a secure manner by authenticating and encrypting each IP packet of a communication session over a VPN; 3) a direct connection over the Internet, coupled with additional firewall rules on each side of the network; and/or 4) a leased line connection between the two physical sites that house the computer systems. However, these and other methods of connecting a private computer system to a public computer system are technically complex because they require the use of a VPN, at least one firewall, network address translation (NAT), and programs that configure routing on gateways to both systems (e.g., the private cloud gateway and the public cloud gateway).
Because the gateway equipment on each side of a hybrid connection between a public and a private computing system can be provided by different vendors, there is no single configuration protocol that can be reliably utilized across both systems. Instead, engineers working on both systems must coordinate to complete an initial configuration, as well as to make any adjustments necessitated by changes to either system. For example, engineers working at the private cloud and at the public system exchange security information, such as certificates, shared keys, and other configuration parameters, because these measures must match on both sides for the connection to succeed. The engineers must also coordinate with each other to troubleshoot VPN and firewall issues, expanding the timeline for setting up a routing configuration. Finally, the engineers on either side must coordinate when making any incremental change to the configuration of either system, such as opening a new port or adding a new element, because a change in one system can require changes to the firewall configurations and VPN configurations of both systems.
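The coordination problem described in the two preceding paragraphs (IPsec parameters, shared keys, and firewall rules that must agree on both gateways, and a change on one side that silently breaks the other) can be made concrete with a small consistency check. The following is an added example written for this page; it is not part of the original document and not any vendor's gateway software. The two gateway descriptions are constructed sample data, and the field names (ike_version, encryption, integrity, dh_group, psk_sha256, local_subnet, remote_subnet, inbound_allow) are assumed for the example rather than taken from any real configuration schema.

```python
"""Added example: consistency check for a site-to-site IPsec VPN between a
private gateway and a public-cloud gateway.

Each gateway is described by a dict whose keys (ike_version, encryption,
integrity, dh_group, psk_sha256, local_subnet, remote_subnet, inbound_allow)
are assumptions made for this example, not a vendor's schema. The check
lists every parameter that must agree on both sides before the tunnel and
its supporting firewall rules will work, so that an engineer on either side
can see what a proposed change would break on the other side.
"""
import hashlib

# Parameters of the IKE/IPsec proposal that must be identical on both sides.
MUST_MATCH = ("ike_version", "encryption", "integrity", "dh_group", "psk_sha256")

# Inbound rules each gateway needs so IKE, NAT traversal and ESP can reach it.
# Entries are (protocol, port); ESP has no port.
REQUIRED_INBOUND = {("udp", 500), ("udp", 4500), ("esp", None)}

# Constructed sample: the private (on-premises) gateway's view of the tunnel.
# The pre-shared key is compared by fingerprint so the key itself never has
# to be pasted into a ticket or e-mail between the two engineering teams.
PRIVATE_GATEWAY = {
    "ike_version": 2,
    "encryption": "aes256-gcm",
    "integrity": "sha256",
    "dh_group": 14,
    "psk_sha256": hashlib.sha256(b"example-shared-key").hexdigest(),
    "local_subnet": "10.10.0.0/16",
    "remote_subnet": "172.16.0.0/16",
    "inbound_allow": {("udp", 500), ("udp", 4500), ("esp", None)},
}

# Constructed sample: the public-cloud gateway, with two deliberate faults
# of the kind the text describes: a different DH group, and no rule for
# UDP 4500 (NAT traversal), which a NAT in the path makes mandatory.
PUBLIC_GATEWAY = {
    "ike_version": 2,
    "encryption": "aes256-gcm",
    "integrity": "sha256",
    "dh_group": 19,
    "psk_sha256": hashlib.sha256(b"example-shared-key").hexdigest(),
    "local_subnet": "172.16.0.0/16",
    "remote_subnet": "10.10.0.0/16",
    "inbound_allow": {("udp", 500), ("esp", None)},
}


def check_tunnel(side_a, side_b):
    """Return a list of human-readable mismatches; an empty list means the
    two gateway configurations are consistent with each other."""
    problems = []

    # 1. Proposal parameters and key fingerprint must be identical.
    for key in MUST_MATCH:
        if side_a[key] != side_b[key]:
            problems.append(f"{key} differs: {side_a[key]!r} vs {side_b[key]!r}")

    # 2. Traffic selectors must mirror each other: A's local is B's remote.
    if side_a["local_subnet"] != side_b["remote_subnet"]:
        problems.append(
            f"side A local {side_a['local_subnet']} is not side B remote "
            f"{side_b['remote_subnet']}")
    if side_a["remote_subnet"] != side_b["local_subnet"]:
        problems.append(
            f"side A remote {side_a['remote_subnet']} is not side B local "
            f"{side_b['local_subnet']}")

    # 3. Each side's firewall must admit the tunnel's control and data traffic.
    for name, gw in (("side A", side_a), ("side B", side_b)):
        for proto, port in sorted(REQUIRED_INBOUND - gw["inbound_allow"], key=str):
            where = proto if port is None else f"{proto}/{port}"
            problems.append(f"{name} missing inbound rule for {where}")

    return problems


def change_and_check(side_a, side_b, key, value):
    """Apply a proposed change to a copy of side A and report what it would
    leave inconsistent with side B, i.e. the coordination the text describes."""
    changed = dict(side_a)
    changed[key] = value
    return check_tunnel(changed, side_b)


if __name__ == "__main__":
    for line in check_tunnel(PRIVATE_GATEWAY, PUBLIC_GATEWAY):
        print("MISMATCH:", line)
    # A unilateral cipher change on the private side would break the tunnel.
    for line in change_and_check(PRIVATE_GATEWAY, PUBLIC_GATEWAY,
                                 "encryption", "aes128-gcm"):
        print("AFTER CHANGE:", line)
```

Run as a script, the check reports the DH-group mismatch and the missing UDP 4500 rule on the public side; applying the proposed cipher change on the private side alone adds a third mismatch, which is exactly the situation in which both teams must edit their gateways together. Comparing a fingerprint of the shared key rather than the key itself keeps the secret off the coordination channel while still confirming that both sides hold the same value.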